tigase / tigase-server

(M) Highly optimized, extremely modular and very flexible XMPP/Jabber server
https://tigase.net
GNU Affero General Public License v3.0

The BOSH port denies the connection #218

Open weiweipang opened 3 months ago

weiweipang commented 3 months ago

The BOSH port refused the connection after 300 users connected to Tigase. Other ports are accessed properly. Is there an upper limit for connecting to the BOSH port?

Note: the BOSH port is proxied through nginx.

I use the following default settings:

bosh { connections { 5280(){} } seeOtherHost {} }


hantu85 commented 3 months ago

There is no limit on the max number of open connections for BOSH in Tigase (with the exception of the limits of the server, like CPU or memory).

However, each port of Tigase XMPP Server has a limit on the number of connections established in each second. For BOSH that is 1000 new connections per second. However, as each BOSH XMPP stream consists of multiple HTTP connections (each stanza exchange is a separate connection), it might occur that you reached this limit with 300 users connecting very fast or exchanging a lot of data (i.e. during XMPP connection establishment).

You could try to raise this limit to 2000 with the following configuration:

bosh { 
    connections { 
        5280 () {
            'new-connections-throttling' = 2000
        } 
    } 
    seeOtherHost {} 
}
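The distinction hantu85 draws is between concurrent users and new TCP connections per second. The following added example (not code from the Tigase project or from anyone in this thread) models it: a fixed number of users connecting within a short ramp window, each BOSH session opening several short-lived HTTP connections during stream establishment. The number of HTTP connections per user (6) and the ramp window are constructed assumptions; the 1000-per-second default is the figure quoted above.

```python
# Constructed model of a per-second new-connection throttle on a BOSH port.
# It does not model Tigase's internal implementation; it shows why a user
# count that is far below the limit can still exceed a per-second limit.

DEFAULT_BOSH_THROTTLE = 1000  # new TCP connections per second, as quoted in the thread


def new_connections_per_second(users, conns_per_user, ramp_seconds):
    """Spread `users` evenly over `ramp_seconds`; each user opens
    `conns_per_user` short-lived HTTP connections while its stream is set up.
    Returns a list of new-connection counts, one entry per second."""
    if ramp_seconds < 1:
        raise ValueError("ramp_seconds must be at least 1")
    counts = [0] * ramp_seconds
    for u in range(users):
        second = (u * ramp_seconds) // users  # which second this user starts in
        counts[second] += conns_per_user
    return counts


def throttled_seconds(counts, limit=DEFAULT_BOSH_THROTTLE):
    """Indices of the seconds in which the throttle would have refused
    connections (count strictly above the limit)."""
    return [i for i, c in enumerate(counts) if c > limit]


def users_per_second_within_limit(conns_per_user, limit=DEFAULT_BOSH_THROTTLE):
    """How many users can start their BOSH session in the same second
    before the per-second connection limit is reached."""
    return limit // conns_per_user


if __name__ == "__main__":
    # Constructed scenario: 300 users, 6 HTTP connections each during setup.
    burst = new_connections_per_second(300, 6, ramp_seconds=1)
    print("all 300 in one second:", burst, "throttled:", throttled_seconds(burst))
    spread = new_connections_per_second(300, 6, ramp_seconds=3)
    print("spread over 3 seconds:", spread, "throttled:", throttled_seconds(spread))
    print("users that fit in one second at 6 conns each:",
          users_per_second_within_limit(6))
```

With 6 HTTP connections per user, only 166 users can start in the same second under the 1000/s default, so a reconnect storm of 300 clients (for example after a network blip or a restart of the proxy in front of the server) exceeds the limit even though the server is otherwise idle; spreading the same 300 users over three seconds stays under it. That matches the symptom of a port that refuses connections briefly and then recovers on its own.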
weiweipang commented 3 months ago

There is no limit on max number of open connections for Bosh in Tigase (with exception of limits of the server, like CPU or memory).

However, each port of Tigase XMPP Server has a limit on number of connections established in each second. For Bosh that is 1000 new connections per second. However, as each Bosh XMPP stream consists of multiple HTTP connections (each stanza exchange is a separate connection), it might occur that you reached this limit with 300 users connecting very fast or exchanging a lot of data (ie. during XMPP connection establishment).

You could try to raise this limit to 2000 with following configuration:

bosh { 
    connections { 
        5280 () {
            'new-connections-throttling' = 2000
        } 
    } 
    seeOtherHost {} 
}

The CPU and memory are normal, but the phenomenon is that the BOSH port cannot be accessed for a short period of time, and it heals itself after a while.

hantu85 commented 3 months ago

What you are describing would suggest that you are hitting throttling limits.

weiweipang commented 3 months ago

What you are describing would suggest that you are hitting throttling limits.

I raised the limit on the number of connections, but the problem still persists. Does the value of this parameter represent the actual number of connected users?

bosh { 
    connections { 
        5280 () {
            'new-connections-throttling' = 2000
        } 
    } 
    seeOtherHost {} 
}

The final configuration is as follows in config-dump.properties. Are there any other parameters that need to be adjusted, for example 'bosh-close-connection' = false?


bosh (class: tigase.server.bosh.BoshConnectionManager) {
    'batch-queue-timeout' = 100L
    'bosh-close-connection' = false
    'bosh-extra-headers-file' = 'etc/bosh-extra-headers.txt'
    'bosh-session-close-delay' = 0L
    'client-access-policy-file' = 'etc/client-access-policy.xml'
    compId = 'bosh@zhongfa-im-server-6d478594b9-lssm7'
    'concurrent-requests' = 2
    connectionDelay = 2000L
    'cross-domain-policy-file' = 'etc/cross-domain-policy.xml'
    defHostname = 'zhongfa-im-server-6d478594b9-lssm7'
    'elements-number-limit' = 1000
    'hold-requests' = 1
    ifc = [ '*' ]
    'incoming-filters' = [
        tigase.server.filters.PacketCounter@4cd2e097
    ]
    last_minute_bin_limit = 20971520L
    last_minute_packets_limit = 2500L
    'max-batch-size' = 15
    'max-inactivity' = 10L
    'max-queue-size' = 75161
    'max-session-waiting-packets' = 100
    'max-wait' = 30L
    maxInactivityTime = 600000L
    'min-polling' = 10L
    'net-buffer' = 2048
    'net-buffer-limit' = 2097152
    'outgoing-filters' = [
        tigase.server.filters.PacketCounter@73581c54
    ]
    'packet-delivery-retry-count' = 15
    pipelining = false
    'priority-queue-implementation' = class tigase.util.workqueue.PriorityQueueRelaxed
    'processing-in-threads' = 32
    'processing-out-threads' = 32
    'scheduler-threads' = 2
    'scripts-dir' = 'scripts/admin'
    'send-node-hostname' = true
    'service-connected-timeout' = 60
    'sid-logger-level' = 'OFF'
    total_bin_limit = 0L
    total_packets_limit = 0L
    trafficThrottling = 'xmpp:2500:0:disc,bin:20m:0:disc'
    trusted = null
    'watchdog-delay' = 600000L
    'watchdog-ping-type' = WHITESPACE
    'watchdog-timeout' = 1740000L
    xmppLimitAction = DISCONNECT
    'client-trust-manager-factory' (class: tigase.server.xmppclient.ClientTrustManagerFactory) {
        clientCertCA = null
        clientCertRequired = false
    }
    commands {}
    connections (class: tigase.server.ConnectionManager$PortsConfigBean,
        exportable: true) {
        ports = [ 5280 ]        
        5280 (class: tigase.server.ConnectionManager$PortConfigBean) {
            ifc = null
            'new-connections-throttling' = 3000000L
            socket = plain
            type = accept
        }
    }
    'disco-extensions' {}
    routingComputer (class: tigase.util.routing.RoutingsContainer$SingleMode) {}
    seeOtherHost (class: tigase.server.xmppclient.SeeOtherHost) {
        defaultHost = null
        phases = [
            OPEN
        ]
    }
    sslContextContainer (class: tigase.io.SSLContextContainer) {
        'ephemeral-key-size' = 4096
        'hardened-mode' = secure
        'tls-disable-tls13' = true
        'tls-disabled-ciphers' = null
        'tls-disabled-protocols' = null
        'tls-enabled-ciphers' = [
            'TLS_AES_128_GCM_SHA256',
            'TLS_AES_256_GCM_SHA384',
            'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384',
            'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384',
            'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256',
            'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
            'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
            'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384',
            'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256',
            'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA',
            'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA',
            'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
            'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
            'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
            'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256',
            'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256',
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256',
            'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',
            'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA',
            'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA',
            'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
            'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',
            'TLS_EMPTY_RENEGOTIATION_INFO_SCSV'
        ]
        'tls-enabled-protocols' = [ 'TLSv1.2', 'TLSv1.1', 'TLSv1' ]
        'tls-jdk-nss-bug-workaround-active' = false
    }
    'stream-error-counter' (class: tigase.server.xmppclient.StreamErrorCounterIOProcessor,
        active: false) {}
    'urn:xmpp:sm:3' (class: tigase.server.xmppclient.StreamManagementIOProcessor) {
        'ack-request-count' = 10
        'ignore-undelivered-presence' = true
        'max-resumption-timeout' = 900
        'resumption-timeout' = 60
    }
}
hantu85 commented 2 months ago

I raised the limit on the number of connections, but the problem still persists. Does the value of this parameter represent the actual number of connected users?


bosh { 
    connections { 
        5280 () {
            'new-connections-throttling' = 2000
        } 
    } 
    seeOtherHost {} 
}

This would set the limit on the number of new TCP connections to 2000 per second.

I wonder, as you mentioned that the BOSH port is proxied by nginx, are you testing Tigase BOSH directly or with proxy/forwarding over nginx? Because maybe you are hitting some nginx limit?
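One way to answer hantu85's question from the proxy side, as an added example that is not part of this thread or of the Tigase project: tally requests to the BOSH endpoint per second from nginx's default combined-format access log and flag the seconds that exceed the configured throttle. When nginx opens a fresh upstream connection for every proxied request (no upstream keepalive), that request count is the number of new TCP connections Tigase sees per second. The log lines below are constructed, the `/http-bind` path and the timestamps are assumptions, and the 1000 limit is the default quoted earlier in the thread.

```python
import re
from collections import Counter

# Matches the timestamp, request line and status of nginx's combined log format.
LOG_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: 1200 BOSH requests in one second (a reconnect burst),
# 50 in the next second, plus an unrelated request that must be ignored.
_BURST_SECOND = "12/Mar/2024:10:00:01 +0000"
_CALM_SECOND = "12/Mar/2024:10:00:02 +0000"
_LINE = '10.0.0.{host} - - [{ts}] "POST {path} HTTP/1.1" 200 512 "-" "example-client"'
SAMPLE_LINES = (
    [_LINE.format(host=i % 250 + 1, ts=_BURST_SECOND, path="/http-bind") for i in range(1200)]
    + [_LINE.format(host=i % 250 + 1, ts=_CALM_SECOND, path="/http-bind") for i in range(50)]
    + [_LINE.format(host=1, ts=_CALM_SECOND, path="/status")]
)


def requests_per_second(lines, path_prefix="/http-bind"):
    """Count requests whose path starts with `path_prefix`, keyed by the
    log timestamp (one-second granularity in the combined format)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m is None or not m.group("path").startswith(path_prefix):
            continue
        counts[m.group("ts")] += 1
    return counts


def seconds_over_limit(counts, limit=1000):
    """Timestamps of the seconds in which the BOSH request rate exceeded
    `limit`, i.e. the seconds in which a per-second connection throttle
    on the upstream port would have started refusing connections."""
    return sorted(ts for ts, c in counts.items() if c > limit)


if __name__ == "__main__":
    per_second = requests_per_second(SAMPLE_LINES)
    for ts in sorted(per_second):
        print(ts, per_second[ts])
    print("over limit:", seconds_over_limit(per_second))
```

To run it against a real proxy, replace `SAMPLE_LINES` with the lines of the access log and set `limit` to the value of `new-connections-throttling` actually configured on the port. If the flagged seconds coincide with the outages, the throttle is the bottleneck; if nginx itself logs 5xx responses in those seconds while the upstream count stays low, the limit is on the nginx side (worker connections or upstream keepalive), which is the other possibility hantu85 raises.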